Extracting prog: 3m26.937231635s
Minimizing prog: 35m23.217318513s
Simplifying prog options: 3m29.482543461s
Extracting C: 1m56.209341784s
Simplifying C: 0s


extracting reproducer from 38 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING-gettid
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)
gettid()

program did not crash
single: failed to extract reproducer
bisect: bisecting 38 programs with base timeout 30s
testing program (duration=39s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 2, 13, 24, 11, 30, 30, 15, 30, 9, 29, 6, 11, 11, 30, 5, 16, 12, 17, 7, 21, 16, 17, 8, 6, 16, 10, 29, 17, 16, 28, 40, 3, 6, 21, 7, 10, 3]
detailed listing:
executing program 3:
r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
r1 = eventfd2(0x2, 0x80001)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000100)={0x0, r1})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000001740)=""/192, &(0x7f0000000140)=""/92})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4096, 0xeeef0000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
executing program 3:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000002300), 0x40000, 0x0)
fsetxattr$system_posix_acl(r0, &(0x7f00000000c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x0)
executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0xffffff3f, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000040)={0x9a, @time={0x3, 0x9a8}, 0x0, {0x4}, 0xfe, 0x0, 0x1})
pipe2(&(0x7f0000001040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RGETLOCK(r2, &(0x7f00000000c0)=ANY=[], 0xffffff6a)
pipe2(&(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2)
ioctl$VIDIOC_G_FREQUENCY(r4, 0xc02c5638, &(0x7f0000000000)={0x1, 0x2})
tee(r1, r3, 0xfffffffffffffc01, 0x0)
tee(r1, r3, 0x60000000000, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f0000000280)=@sack_info={0x0, 0xb, 0x1}, 0xc)
executing program 3:
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41, 0x0, 0x10000003}}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
setsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000140)=0xfffffff9, 0x4)
listen(r0, 0x0)
r2 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r2, &(0x7f0000000240)={&(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x20001)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
r5 = accept4$unix(r4, &(0x7f0000000080)=@abs, &(0x7f00000001c0)=0x6e, 0x800)
sendmsg(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000003c0)="62e873bb1ae3d33b20e60dd4677670f69eb26d4378ac8fdae7781c225ecd30818487f02c3a75c911d19b6ab7f297d5da426044f43cc8b5d7505bb52aa2a8a4413ae25931fe4f4d866465c4e53a7564bd19707881b343bb86ecaefd71dd50504d523c61865e06f7821a879bc7687c9f779e56a6f6915f6bb536a6eedb34950a89547f74de5a9b64768b753531e660fc12e3124410e0d13ecd11c4bfc721ec6cb7b626341fd4b72448e95bdaa2fcfdb393a7c34bfec4b98af023537650a7f7aac7325234b7f4262eb18e9ab4067406a5cd", 0xd0}], 0x1, &(0x7f0000000680)=[{0x88, 0x1, 0x4, "9ce4407dba21273d25f0e96e4cf2438915e151c961656715a52b56ce74fcb23ecc7db00820f2078341b2cca4f88cea6cee625ff1f8ae933305deab55fa64aefa0dd149b5f655d9bc13a6400cc633e9c6a98da08165356a859ae837f94de2fc970d04ca66dd5b1d0df39fab26d91837b5220ea6"}, {0x18, 0x112, 0x5, "e307f7571383adec"}, {0x20, 0x10f, 0x4, "e1365e0188cf59c0cd94"}, {0x78, 0x104, 0x10, "6abfbd94e988d2a36972299adefa56b86be8a3fc9d545b3598335e8892797d235fe88767a98dfaad74ea5700befcdc51e14796848c8b499865c3d730089f6852e16de950827cc80d31cfb21e2f3b22cfda9572663282f5d5853706ff021a4f7db2d93655cca0efc1"}, {0x20, 0x101, 0x6, "e8d28f52da42dd039feac6"}, {0x78, 0x9e8626794ebbe359, 0x0, "c9da16bd8d86dcf2965b32ec6a68a86ac9859f701eb6d795dc670e64dad2343bb31260005c57691a84761aea9fd8938ed4721d4b48968ba7a19e72860e27e9993efa0f17f57b3f424ef4f73b01aa703df17af3cd51ee3bfea85757bf7875267fa4e7ee6a25"}], 0x1d0}, 0xc801)
mount$bind(&(0x7f00000002c0)='./file0/file1\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61157800000000006113700000000000bfa000000000000007000000ee0016055e03010000000000640500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000040600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42
068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd6698
0c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000089a38000000000000000001e00000000a3"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setns(r4, 0x4000000)
executing program 3:
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000000100)={&(0x7f0000000800)=[0x7f, 0x14, 0x1, 0x1, 0x7, 0xffffffff, 0x2, 0x7, 0x59, 0xfffffff1, 0x3, 0xfffffffe, 0x81, 0x0, 0x1, 0x2, 0x101, 0x0, 0x3, 0x8, 0x4, 0x6, 0x4, 0x7, 0x3, 0x7f, 0xc3a, 0x6, 0x9, 0x400, 0x8, 0x44a8ffb, 0xa2, 0x9, 0x5, 0x1, 0x1, 0xad0, 0x9, 0x7, 0x1, 0x8, 0x10, 0x1, 0x1ff, 0x1, 0x1, 0x8, 0x3ff, 0x2, 0x7, 0x2, 0x9, 0x3, 0x992d, 0xc00000, 0xfffffffa, 0x0, 0x3, 0x1, 0x9, 0x1, 0x1, 0x7, 0x4, 0x81, 0x0, 0x9, 0x9, 0x101, 0xc2e3, 0x2, 0x8, 0x0, 0xc, 0xfb8d, 0x6, 0x5, 0x12, 0x1000, 0x81, 0x7, 0x6, 0x800, 0x9, 0x0, 0x2, 0xfffffffe, 0xb, 0xe49, 0x9, 0x1, 0x3ff, 0xf36f, 0xe, 0x6, 0x1, 0x5, 0x0, 0x5, 0x1, 0x7fffffff, 0x8, 0x34c, 0xc86, 0x2, 0x7ff, 0x1ff, 0x0, 0x4d, 0x4, 0x3, 0x9, 0x34f4, 0x80000001, 0xfffffff9, 0x1000, 0x6, 0x8001, 0x2c91, 0x81, 0x3, 0x3, 0x5, 0x8, 0x47, 0x58, 0x1ff, 0xa, 0x17, 0x5, 0x0, 0xc, 0x4e6, 0x3, 0x4, 0x3, 0x7, 0x5, 0x835, 0x350a, 0x8000, 0x8001, 0x81, 0x6, 0x4, 0x5, 0x1, 0x23c, 0xfffffff8, 0x3, 0xffff, 0x10, 0xd, 0x7, 0x10001, 0x9, 0xffff2996, 0x10001, 0xd, 0x5, 0x3, 0x3, 0x6, 0x8, 0x5, 0x1000, 0x67, 0x8, 0x5, 0x389, 0x4, 0x2, 0x3ff, 0xa4, 0x8, 0x3, 0x7, 0x6, 0x5, 0x7ff, 0x5b, 0x400, 0xffff, 0x8, 0x71, 0x4, 0x9, 0x1, 0x5, 0xaf, 0x0, 0xffff, 0x5, 0x0, 0x2, 0x1, 0x8, 0x505ad8c0, 0x4, 0xfffff27e, 0x3, 0x2, 0x200, 0x7745dedb, 0x6, 0x80000000, 0xd, 0x2, 0x3a, 0x4, 0x3, 0x4, 0x3, 0x4, 0x5, 0x6, 0x9, 0x7, 0x1000, 0x6, 0x0, 0x0, 0x3, 0x7, 0x2, 0x7, 0x2, 0x1, 0x401, 0xfffffffd, 0x3, 0x4, 0x7e, 0x9, 0x5, 0x5, 0x5, 0xfffffff7, 0x6, 0x2, 0x8, 0x9, 0x1, 0x80000001, 0x80000001, 0x2520, 0x5, 0x4, 0x7, 0x6, 0x8, 0x7, 0x52, 0x0, 0x8, 0x3, 0xe8f4, 0x5, 0x3, 0x3, 0x1000, 0x6, 0x8001, 0x1, 0x1, 0x4e, 0x5, 0x8, 0x9, 0x3, 0x2, 0x5, 0x9, 0x2, 0x9, 0x9, 0x8, 0x2, 0x9, 0x3, 0x5, 0x8001, 0x7, 0x20004000, 0x80000001, 0x4, 0x2, 0x8001, 0x10000, 0x1, 0x9, 0x1, 0x4, 0xb040, 0x9c1, 0x3, 0x3, 0x5, 0x5, 0x2c, 0x8, 0x2c, 0x5, 0x2, 0x5, 0x2, 0x9000, 0x6, 0x9, 0x9b, 0x1, 0x0, 0x2, 0x514c, 0x6, 
0x51, 0x7, 0x5, 0x1, 0x10000, 0x6, 0x2, 0x9, 0x7dd6, 0x7, 0x75, 0x0, 0x6, 0x8, 0x4254, 0x8000, 0x1, 0xa8fd, 0x9, 0x1, 0x0, 0x6, 0xfffffff9, 0x7ff, 0xaa51, 0x3a, 0x3ff, 0x56c, 0x1, 0x0, 0x9, 0x800, 0x0, 0x5, 0x4, 0x440, 0xfff, 0x1, 0x0, 0xed, 0x4, 0x1, 0x96e99f7, 0x2400000, 0x4, 0x7, 0x7ff, 0x8, 0x4e, 0x7, 0x7f, 0x2, 0x0, 0x6, 0x4, 0x2, 0x0, 0x7, 0xfffffff8, 0xd, 0x5, 0x2, 0x2, 0x7, 0x4, 0x5, 0x3, 0x7, 0xfffffc59, 0x1, 0x8000, 0xf716, 0x6, 0x4, 0x2, 0xaa, 0xffffffff, 0xffffff67, 0x5, 0x3, 0x7f, 0x9, 0x1, 0xdf5, 0x4, 0xfffffffc, 0x6, 0x0, 0x5, 0x3ff, 0xcb0, 0x2, 0x7a96, 0x467, 0x0, 0xdac, 0xffffffff, 0xffff, 0x7fffffff, 0x0, 0x5, 0x7ff, 0x6c, 0x800, 0xa, 0x2, 0x6, 0x8, 0x0, 0xd673, 0x10001, 0x8, 0x0, 0x80000001, 0x1, 0xd27, 0x8, 0xfff, 0x9, 0x18c2, 0x5, 0x2, 0x2, 0x9, 0x59, 0x8854, 0x0, 0x273b, 0x3, 0x400, 0x0, 0x5b, 0xa, 0x0, 0x3, 0x2, 0x0, 0x7ff, 0x5, 0xfffffffc, 0x3, 0x3, 0x8, 0x6, 0x9, 0x6a2, 0x8, 0x7, 0x13, 0xdae, 0x3, 0x1ff, 0x4, 0x1, 0x1, 0x5, 0x4, 0x0, 0x0, 0x6, 0x5, 0x1, 0x8001, 0x8, 0x0, 0x1, 0x5, 0x81, 0x0, 0x80000001, 0x84, 0x0, 0xdd7, 0xa2, 0x3, 0xe166, 0x5, 0x1, 0xfffffffa, 0x9, 0xe6, 0x7c53, 0x4, 0x450, 0x6, 0x7fff, 0x7, 0xd, 0xcbf8, 0x8, 0x8, 0x16de, 0xfffffb9a, 0x8001, 0x6, 0x7ff, 0xf, 0x6, 0x3, 0x7, 0xe40, 0x1, 0x3, 0x72, 0x10, 0xcc3, 0x86c00000, 0x3, 0xc0000000, 0x9, 0x0, 0x3, 0x2, 0xc826, 0x9, 0xfffffff1, 0x6, 0xfffffffb, 0x1, 0x8e8, 0x9, 0x4, 0x6, 0x3, 0x3, 0x59b3, 0x3, 0x2, 0x9, 0x400, 0x5, 0x28, 0x5, 0x8001, 0x2, 0xffffffff, 0x10, 0x3, 0x8, 0x0, 0x5cd4, 0xfffffffb, 0x4, 0x0, 0x100, 0x0, 0x5, 0xfffffffb, 0x2, 0x9, 0x7, 0x6, 0x2, 0x688d, 0x100, 0x7, 0x0, 0xc, 0x4, 0x3, 0x1fe3, 0x5, 0x3, 0x81, 0x4, 0x3, 0x9, 0x5, 0xf37a, 0x1, 0x6, 0x116, 0xc, 0x10001, 0x3, 0x0, 0x8000, 0x9, 0xfff, 0x4, 0x7, 0xa264, 0x7, 0x8000, 0x2, 0x6, 0xe, 0x0, 0x200, 0x101, 0x4, 0x4, 0x9, 0x95e1, 0x0, 0x7fff, 0x9, 0x81, 0xb, 0x9, 0x12f, 0x1, 0x0, 0x5, 0x9, 0xe7, 0x5, 0x401, 0x80000000, 0x0, 0x9, 0x7ff, 0xfffffffb, 0x7, 0x6a7, 0x9f69, 0xda, 0x10001, 0x9, 0x2, 0x8, 0x9de, 0x2, 
0x10000, 0x8001, 0x5538, 0x9, 0x0, 0xc, 0x3, 0x310, 0x7, 0x5, 0x9, 0x5, 0x80000000, 0x8000, 0x5, 0xb9500000, 0x2, 0x1ff, 0x7, 0xdaf1, 0x4, 0x40, 0x3d8, 0x4, 0x9, 0x3a75, 0xb8, 0x7, 0x756, 0x6, 0xfff, 0x6, 0x8, 0x7, 0x0, 0x9, 0x1, 0xfffffffc, 0x2, 0x0, 0x4, 0x0, 0x6, 0x81, 0x8b7, 0x2, 0x2, 0xfff, 0x7f, 0x5, 0x6, 0x3b, 0x101, 0x10000000, 0x7, 0xf2c7, 0xbe, 0x26f, 0x6, 0xd1, 0x81, 0xc8f, 0x5, 0x9c2, 0xd66, 0x6, 0xc9b2, 0xf1, 0x101, 0x800, 0x4, 0x8001, 0x0, 0x4, 0x400, 0x2, 0x98d, 0xffff, 0x10001, 0x1, 0x5, 0xe, 0xe1d, 0x2, 0x4, 0x200, 0x6, 0x91, 0x6, 0x3, 0x7ff, 0x5, 0x81, 0xbb, 0x7, 0x3, 0x0, 0x0, 0x724, 0x3, 0x0, 0xf45, 0x2, 0x3, 0x400, 0x1, 0x7, 0x3, 0x2, 0x2, 0x7, 0xb5c, 0xfffffff8, 0xfffff000, 0x9, 0x9, 0x2, 0x200, 0x9, 0x8, 0xaf, 0x0, 0x3, 0x3, 0x0, 0x7ff, 0x7f, 0xffff0000, 0x20000001, 0x4, 0x0, 0xfffff019, 0xae, 0xb, 0x5, 0x3, 0xfffffffa, 0x0, 0x9, 0x7d6, 0x2, 0x3, 0x6, 0x7ff, 0xe0, 0x7fff, 0xfffffffb, 0xfffffffa, 0x8, 0x0, 0x3, 0x8, 0x4, 0x9, 0x7ff, 0x0, 0x8, 0x8, 0x10001, 0x10000, 0x8, 0x1, 0xc4, 0xffff, 0x7ff, 0x4, 0x6, 0xd, 0x1, 0x3, 0x5, 0x81, 0x85d, 0x1, 0x5, 0xffffffff, 0x2, 0x3e, 0x4e, 0x7f, 0xa, 0xfffffff3, 0x200, 0x0, 0x6, 0x8, 0xffff228c, 0x6, 0x418bf1a7, 0x3, 0x5967, 0x6, 0x4, 0x40, 0x100, 0x5, 0xb, 0xfff, 0x7, 0x9, 0x8, 0x0, 0xd, 0x7, 0x9, 0x3, 0x8, 0x8, 0x79ff, 0xfffffff9, 0xff, 0x0, 0x8, 0x0, 0x4, 0x64f, 0xb4e, 0x9, 0x10001, 0x7, 0xc9, 0xfffffffe, 0x8, 0x9, 0xc, 0x7, 0x8, 0x71d, 0xf, 0x40, 0x8, 0x1, 0x7544, 0x5, 0x0, 0x4, 0x9, 0xee9, 0xfffff40d, 0x5, 0xfffffffd, 0x7, 0x2, 0x107, 0x5, 0x7, 0x7, 0x1, 0x6, 0x8, 0x4, 0x10001, 0x1, 0x3, 0x2, 0x3, 0x6, 0x8, 0x5, 0xfffffffa, 0xe, 0x200faf, 0xfffffff8, 0x81, 0x7, 0xfff, 0xfffffbff, 0x8, 0x6, 0x3, 0x7ff, 0xffffffff, 0x9, 0x0, 0x1, 0x9, 0x0, 0x8, 0x3, 0x3, 0x5, 0x9, 0x0, 0x2, 0x8, 0x1, 0x9, 0xffff, 0x6, 0x2e1b, 0x63, 0x7c, 0x1000, 0x2, 0x3, 0x1, 0x80, 0x5c84c2f3, 0x138d, 0x10, 0x10, 0x1ad3, 0x2ac8, 0x1, 0xc, 0x8001, 0x2, 0x5, 0x6, 0x5, 0x101, 0x8, 0x5, 0x100, 0x64, 0x7, 0x7f, 0x2, 0xf, 0x6, 0xeb15, 0x3ff, 
0x8, 0x200, 0x7, 0x6, 0x10, 0xffffff00, 0x5, 0x1000, 0x10, 0x8, 0x1, 0x101, 0x7, 0x1000, 0x7, 0x6, 0xfffffff1, 0x2, 0xb, 0x6, 0x4, 0x200, 0x9, 0x4, 0x1b, 0x4, 0xfffffffc, 0x401, 0x8, 0x7, 0x0, 0xb, 0x1, 0xb, 0x1, 0xffffffff, 0x7, 0x5, 0x8, 0x78, 0x0, 0x4, 0xa0, 0x2, 0x40, 0xd, 0x2, 0x6, 0xd5, 0x2, 0x4, 0x2, 0x1, 0x10, 0x44, 0x101, 0x2, 0x400, 0x1, 0x3, 0xbb, 0x4, 0xff], 0x2, 0x400, 0x4})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000005880)=@newtfilter={0x24, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xb}, {0x7}}}, 0x24}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000f00)=ANY=[@ANYBLOB="300000001800dd8d0000000000000000020000000000000900000000060015000a0000000c001680080001"], 0x30}}, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x7, 0x50323234, 0x4, 0x0, [{0x0, 0x9}, {0x1, 0xd420}, {0xea10, 0x9}, {0x10, 0x8001}, {0x80005, 0x1}, {0x3, 0x569}, {0x6, 0x7}, {0x6, 0x10000}], 0xfd, 0x0, 0x9, 0x0, 0x3}})
sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x4}]}]}}, &(0x7f0000000f40)=""/4089, 0x32, 0xff9, 0xa, 0x0, 0x0, @void, @value}, 0x20)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025647a31000000000900010073797a3000000000080005400000001c"], 0xe0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
executing program 3:
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x7c, 0x3, 0x1, 0x801, 0x0, 0x0, {0x5, 0x0, 0x1}, [@CTA_LABELS_MASK={0x1c, 0x17, [0x3, 0x8, 0x80000000, 0xb11d, 0x1, 0x2]}, @CTA_SEQ_ADJ_REPLY={0x3c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x5f97}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xfffffff5}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xd147}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x9}]}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xb, 0x1, 'amanda\x00'}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x50)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000180)={'veth0\x00'})
ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f00000001c0)={'macvlan0\x00', {0x2, 0x0, @loopback}})
r1 = signalfd4(r0, &(0x7f0000000200)={[0x6]}, 0x8, 0x80000)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, 0x0, 0x0, <r2=>0x0, 0x0, 0x0, 0x1})
ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f00000002c0)={0x8, r2})
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r1, 0x3b88, &(0x7f0000000340)={0xc, <r4=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000380)={0x48, 0x5, r4, 0x0, <r5=>0xffffffffffffffff, 0x1})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r3)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000440)={<r7=>0xffffffffffffffff}, 0x2, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f00000004c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e22, 0x7, @dev={0xfe, 0x80, '\x00', 0x19}, 0xfff}, r7}}, 0x30)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r3, &(0x7f0000000540)={0x12, 0x10, 0xfa00, {&(0x7f0000000500), r7, r3}}, 0x18)
ioctl$BTRFS_IOC_SCRUB(r5, 0xc400941b, &(0x7f0000000580)={<r8=>0x0, 0x6, 0x3b8, 0x1})
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000980)={r8, 0x9, 0x0, 0x1})
ptrace$setregs(0xf, 0x0, 0x40, &(0x7f0000000d80)="5c03f5d36e21c65cd49a95022990a050cb4d7d21e786256968a793e0c7bbb4b8133c")
ioctl$BLKIOMIN(r1, 0x1278, &(0x7f0000000dc0))
getpeername$unix(r0, &(0x7f0000000e00), &(0x7f0000000e80)=0x6e)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000ec0)=0x1c)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000f00)={0x73622a85, 0x1000})
ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000001280)=<r9=>0x0)
stat(&(0x7f00000012c0)='./file0\x00', &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
getgroups(0x9, &(0x7f0000001380)=[0xffffffffffffffff, <r11=>0xee00, 0xffffffffffffffff, 0x0, 0xee00, 0xffffffffffffffff, 0xee00, 0xee01, 0xffffffffffffffff])
r12 = mq_open(&(0x7f00000013c0)='nl80211\x00', 0x0, 0x127, &(0x7f0000001400)={0x7, 0x7e9b, 0x101, 0x7fffffffffffffff})
r13 = gettid()
read$FUSE(r0, &(0x7f0000001440)={0x2020, 0x0, 0x0, <r14=>0x0}, 0x2020)
r15 = getpgid(0x0)
sendmsg$netlink(r3, &(0x7f0000005a80)={0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000000f40)={0x2d8, 0x20, 0x300, 0x70bd29, 0x25dfdbfc, "", [@nested={0x227, 0x27, 0x0, 0x1, [@nested={0x4, 0xf6}, @nested={0x4, 0x9d}, @generic="f6625bde90b7461fcc182ac65d4ee932cfe20925ee7486a93ac6f460045a36aa65fe895df25f52afd95efca629bacde3345b80e37d329db0d01afc960a390f5647c3508ca0154f19e852a268c2b726a936324cb9ba8812dffb782b84ea7ec7f552368825c982a25b04a7a179e4b5d0265d8d69d2c7c2b0639949937323c543e694628511b03ef9236173e2fad7a77f596e862a6dd8", @nested={0x4, 0x143}, @typed={0xe6, 0x99, 0x0, 0x0, @binary="757b6529977b41fd546919cd7c2abd3eff4a349648939a3e0f5fc79a9c37fa66f6917e7a595d33aa9b234612b525c4a19ea858825ab546b2f3bbbf315f11c85d276909a6d74a1a7f116943fd7d66d98ff41c6ec893e0e221b5725654594e47f36297a3cf9930687dfe2ecf13999e0649b0def5e841da7969bfe86fb991a8ce32c05b2dcbf2ce6a4095168f650591d23a9d2035bba272a5772c16330265ebb4a3544872201ab9c6984765c659a9314e7d55fcb7710fae1164348c89cfb09f99d6a00f4e0487c8ea70737adc50a2394224a8a4dbb5aefa8c32f36f3f865a856a768a68"}, @generic="44ce4fb7136156265746511b9e0453f4038954fe79fbce230eeb45f92a77a4c187fec996dae46d4f198813bac994f29898f47e8ed2f00a8dce26ea3e3e778a451b3219d4bd24cd8c80704701ce49d07ab9819b4ddab4d7fb55ece50b8a19aa91c6b60d603197098412324560fd975991688fbefa3c96ff66e755f7b353ae1ad345f5b65ac69bcda4113ee79fa04ca5b7d325f8900d1331f9f437"]}, @typed={0x8, 0x11, 0x0, 0x0, @fd=r5}, @typed={0xc, 0x118, 0x0, 0x0, @u64=0x1ff}, @nested={0x8, 0x31, 0x0, 0x1, [@nested={0x4, 0x16}]}, @typed={0x8, 0xde, 0x0, 0x0, @u32=0x86e}, @generic="4ecd9583912fe8b3d7ec71240a5684722072e5beb46f45ebd16e65072c4aa9c8", @typed={0x47, 0x14d, 0x0, 0x0, @binary="dd1059f6464e93d5c4c11fcadb4aadc84b3936e914f0926cc88bf0f180016bbc413e36895420424ab081240ceccb2de258cee086416e7a48ee8027b856a526594650b0"}, @generic, @nested={0x8, 0x106, 0x0, 0x1, [@generic, @nested={0x4, 0x27}]}, @nested={0xc, 0xad, 0x0, 0x1, [@typed={0x8, 0x149, 0x0, 0x0, @u32=0xfffffffb}]}]}, 0x2d8}], 0x1, &(0x7f0000005940)=[@cred={{0x1c, 
0x1, 0x2, {r9, r10, r11}}}, @rights={{0x18, 0x1, 0x1, [r3, r1]}}, @rights={{0x18, 0x1, 0x1, [r12, r0]}}, @cred={{0x1c, 0x1, 0x2, {r13, r14, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {r15}}}, @rights={{0x14, 0x1, 0x1, [r6]}}, @rights={{0x18, 0x1, 0x1, [r5, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [r0, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff]}}], 0x128, 0x48000}, 0x94)
executing program 32:
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x7c, 0x3, 0x1, 0x801, 0x0, 0x0, {0x5, 0x0, 0x1}, [@CTA_LABELS_MASK={0x1c, 0x17, [0x3, 0x8, 0x80000000, 0xb11d, 0x1, 0x2]}, @CTA_SEQ_ADJ_REPLY={0x3c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x5f97}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xfffffff5}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xd147}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x9}]}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xb, 0x1, 'amanda\x00'}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x50)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x6}}, './file0\x00'})
ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000180)={'veth0\x00'})
ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f00000001c0)={'macvlan0\x00', {0x2, 0x0, @loopback}})
r1 = signalfd4(r0, &(0x7f0000000200)={[0x6]}, 0x8, 0x80000)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, 0x0, 0x0, <r2=>0x0, 0x0, 0x0, 0x1})
ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f00000002c0)={0x8, r2})
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r1, 0x3b88, &(0x7f0000000340)={0xc, <r4=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000380)={0x48, 0x5, r4, 0x0, <r5=>0xffffffffffffffff, 0x1})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r3)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000440)={<r7=>0xffffffffffffffff}, 0x2, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f00000004c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e22, 0x7, @dev={0xfe, 0x80, '\x00', 0x19}, 0xfff}, r7}}, 0x30)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r3, &(0x7f0000000540)={0x12, 0x10, 0xfa00, {&(0x7f0000000500), r7, r3}}, 0x18)
ioctl$BTRFS_IOC_SCRUB(r5, 0xc400941b, &(0x7f0000000580)={<r8=>0x0, 0x6, 0x3b8, 0x1})
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000980)={r8, 0x9, 0x0, 0x1})
ptrace$setregs(0xf, 0x0, 0x40, &(0x7f0000000d80)="5c03f5d36e21c65cd49a95022990a050cb4d7d21e786256968a793e0c7bbb4b8133c")
ioctl$BLKIOMIN(r1, 0x1278, &(0x7f0000000dc0))
getpeername$unix(r0, &(0x7f0000000e00), &(0x7f0000000e80)=0x6e)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000ec0)=0x1c)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000f00)={0x73622a85, 0x1000})
ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000001280)=<r9=>0x0)
stat(&(0x7f00000012c0)='./file0\x00', &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
getgroups(0x9, &(0x7f0000001380)=[0xffffffffffffffff, <r11=>0xee00, 0xffffffffffffffff, 0x0, 0xee00, 0xffffffffffffffff, 0xee00, 0xee01, 0xffffffffffffffff])
r12 = mq_open(&(0x7f00000013c0)='nl80211\x00', 0x0, 0x127, &(0x7f0000001400)={0x7, 0x7e9b, 0x101, 0x7fffffffffffffff})
r13 = gettid()
read$FUSE(r0, &(0x7f0000001440)={0x2020, 0x0, 0x0, <r14=>0x0}, 0x2020)
r15 = getpgid(0x0)
sendmsg$netlink(r3, &(0x7f0000005a80)={0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000000f40)={0x2d8, 0x20, 0x300, 0x70bd29, 0x25dfdbfc, "", [@nested={0x227, 0x27, 0x0, 0x1, [@nested={0x4, 0xf6}, @nested={0x4, 0x9d}, @generic="f6625bde90b7461fcc182ac65d4ee932cfe20925ee7486a93ac6f460045a36aa65fe895df25f52afd95efca629bacde3345b80e37d329db0d01afc960a390f5647c3508ca0154f19e852a268c2b726a936324cb9ba8812dffb782b84ea7ec7f552368825c982a25b04a7a179e4b5d0265d8d69d2c7c2b0639949937323c543e694628511b03ef9236173e2fad7a77f596e862a6dd8", @nested={0x4, 0x143}, @typed={0xe6, 0x99, 0x0, 0x0, @binary="757b6529977b41fd546919cd7c2abd3eff4a349648939a3e0f5fc79a9c37fa66f6917e7a595d33aa9b234612b525c4a19ea858825ab546b2f3bbbf315f11c85d276909a6d74a1a7f116943fd7d66d98ff41c6ec893e0e221b5725654594e47f36297a3cf9930687dfe2ecf13999e0649b0def5e841da7969bfe86fb991a8ce32c05b2dcbf2ce6a4095168f650591d23a9d2035bba272a5772c16330265ebb4a3544872201ab9c6984765c659a9314e7d55fcb7710fae1164348c89cfb09f99d6a00f4e0487c8ea70737adc50a2394224a8a4dbb5aefa8c32f36f3f865a856a768a68"}, @generic="44ce4fb7136156265746511b9e0453f4038954fe79fbce230eeb45f92a77a4c187fec996dae46d4f198813bac994f29898f47e8ed2f00a8dce26ea3e3e778a451b3219d4bd24cd8c80704701ce49d07ab9819b4ddab4d7fb55ece50b8a19aa91c6b60d603197098412324560fd975991688fbefa3c96ff66e755f7b353ae1ad345f5b65ac69bcda4113ee79fa04ca5b7d325f8900d1331f9f437"]}, @typed={0x8, 0x11, 0x0, 0x0, @fd=r5}, @typed={0xc, 0x118, 0x0, 0x0, @u64=0x1ff}, @nested={0x8, 0x31, 0x0, 0x1, [@nested={0x4, 0x16}]}, @typed={0x8, 0xde, 0x0, 0x0, @u32=0x86e}, @generic="4ecd9583912fe8b3d7ec71240a5684722072e5beb46f45ebd16e65072c4aa9c8", @typed={0x47, 0x14d, 0x0, 0x0, @binary="dd1059f6464e93d5c4c11fcadb4aadc84b3936e914f0926cc88bf0f180016bbc413e36895420424ab081240ceccb2de258cee086416e7a48ee8027b856a526594650b0"}, @generic, @nested={0x8, 0x106, 0x0, 0x1, [@generic, @nested={0x4, 0x27}]}, @nested={0xc, 0xad, 0x0, 0x1, [@typed={0x8, 0x149, 0x0, 0x0, @u32=0xfffffffb}]}]}, 0x2d8}], 0x1, &(0x7f0000005940)=[@cred={{0x1c, 
0x1, 0x2, {r9, r10, r11}}}, @rights={{0x18, 0x1, 0x1, [r3, r1]}}, @rights={{0x18, 0x1, 0x1, [r12, r0]}}, @cred={{0x1c, 0x1, 0x2, {r13, r14, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {r15}}}, @rights={{0x14, 0x1, 0x1, [r6]}}, @rights={{0x18, 0x1, 0x1, [r5, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [r0, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff]}}], 0x128, 0x48000}, 0x94)
executing program 2:
# Fuzzer-generated sequence: two UDP sockets, an rtnetlink request that
# references the 'syz_tun' interface, then a pipe write followed by
# splice() from the pipe into a bound UDP socket.
# Path pointer is 0x0 (NULL) and the return value is not kept.
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
# Return value is not kept.
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
# r0 = read end, r1 = write end of the pipe.
pipe(&(0x7f0000000d00)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
# r2: AF_INET (0x2) / SOCK_DGRAM (0x2) socket, later the splice() target.
r2 = socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
# bpf() command 0x11 with a zeroed first attribute field; result unused.
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
# Bind r2 to syzkaller's @local address, port 0.
bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
# One message to @multicast1 port 0x4e20 with no iovec; the control buffer
# is a raw one-byte blob ('p') while the declared control length is 0x70.
sendmmsg$inet(r3, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
# SIOCGIFINDEX (0x8933): r6 receives the ifindex of 'syz_tun'.
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
# Raw rtnetlink message: nlmsg_len 0x20, nlmsg_type 0x11 (RTM_DELLINK), with
# r6 written at byte offset 20 (the ifinfomsg index field).
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r6], 0x20}}, 0x0)
# Write into the pipe with a requested length of 0xfffffecc bytes.
write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc)
# Move up to 0x714f bytes from the pipe read end into UDP socket r2.
splice(r0, 0x0, r2, 0x0, 0x714f, 0x0)
executing program 2:
# First part of a program that mixes nl802154 security parameters, IPv6
# source-specific multicast options, and KCM/BPF setup.
# r0: procfs file 'net/mcfilter6' (read back later in this program).
r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
# Family argument has high bits set; the low bits are 0xa (AF_INET6).
# NOTE(review): presumably truncated to int by the syscall - confirm.
r1 = socket(0x80000000000000a, 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
# r3: generic-netlink family id for nl802154; r4: ifindex of 'wpan0'.
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000007e00), r2)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000007e40)={'wpan0\x00', <r4=>0x0})
# SET_SEC_PARAMS for wpan0: the outgoing key id nest carries the MODE
# attribute twice plus SOURCE_EXTENDED, followed by SEC_ENABLED.
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r2, &(0x7f0000007f80)={0x0, 0x0, &(0x7f0000007f40)={&(0x7f0000007e80)={0x44, r3, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x20, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xffff}]}, @NL802154_ATTR_SEC_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40040}, 0x40000)
# Two group_source_req options (level 0x29, option 0x2e) on r1, both for
# group @mcast1 but with different source addresses (@private1, @loopback).
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000780)={0x0, {{0xa, 0x4e24, 0x6589e3, @mcast1, 0x8}}, {{0xa, 0x4e1d, 0x4, @private1, 0xfffffff8}}}, 0x108)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108)
# Despite the $kcm variant name, the arguments are AF_INET (0x2) and
# SOCK_STREAM (0x1), i.e. r5 is a TCP socket.
r5 = socket$kcm(0x2, 0x1, 0x0)
# bpf() command 0x5 (program load): prog_type 0x3, 7 instructions, license
# string 'syzkaller', log level 4 with a 0x92-byte log buffer. Result unused.
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x7, &(0x7f0000000140)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @alu={0x6, 0x0, 0xd}, @exit={0x95, 0x0, 0x7b00}, @call={0x85, 0x0, 0x0, 0x18}]}, &(0x7f00000003c0)='syzkaller\x00', 0x4, 0x92, &(0x7f0000000240)=""/146, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
# sendmsg on the TCP socket to @remote port 0x4001 with no iovec; the flags
# 0x20000811 include 0x20000000 (MSG_FASTOPEN).
sendmsg$inet(r5, &(0x7f0000000200)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
# r6: AF_KCM (0x29) socket, type 0x2.
r6 = socket$kcm(0x29, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340
e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e
3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b2844869"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
# Remainder of the program: r0, r5, r6 and r7 are defined by earlier calls
# (r7 is the fd returned by the bpf$PROG_LOAD call directly above).
# r8: second AF_INET/SOCK_STREAM socket, sent to the same destination with
# the same flags as r5.
r8 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r8, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
# SIOCKCMATTACH (0x89e0): attach TCP sockets r8 and then r5 to the KCM
# socket r6, both with BPF program r7.
ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000040)={r8, r7})
ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000040)={r5, r7})
# Read 54 bytes of the procfs file r0 starting at offset 0x5b.
preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000340)=""/54, 0x36}], 0x1, 0x5b, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
# Family-id lookup is given fd -1 instead of a netlink socket.
r10 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff)
# A vhost ioctl issued on r0, which is a procfs file descriptor.
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000400)=0x200000000)
r11 = socket$nl_route(0x10, 0x3, 0x0)
# Netlink socket with protocol 0x13; return value is not kept.
socket$netlink(0x10, 0x3, 0x13)
# Raw rtnetlink message: nlmsg_len 0x38, nlmsg_type 0x68.
sendmsg$nl_route(r11, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3800000068000100030010000000008000000000000000000c00020001000000150000000c000c80f2ffffffffffffff0600030001"], 0x38}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000)
# r12: child created by syz_clone; it is then traced with ptrace request
# 0x4206 (PTRACE_SEIZE), sent signal 0x12 twice, and put under request
# 0x4208 (PTRACE_LISTEN).
r12 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r12)
tkill(r12, 0x12)
tkill(r12, 0x12)
ptrace(0x4208, r12)
# IPVS NEW_DAEMON request; the daemon nest carries SYNC_ID twice, STATE 0x1
# and MCAST_TTL 0x63. r10 comes from the lookup above that was given fd -1.
sendmsg$IPVS_CMD_NEW_DAEMON(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x38, r10, 0x100, 0x70bd2a, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x63}]}]}, 0x38}}, 0x4)
executing program 2:
# Opening calls of a program that reads netfilter/route procfs files around
# a BPF map freeze and an xfrm netlink request.
# r0: procfs file 'net/ip6_tables_matches'.
r0 = syz_open_procfs(0x0, &(0x7f0000000400)='net/ip6_tables_matches\x00')
# bpf() command 0x0 (map create): map_type 0x2, key size 0x4, value size
# 0x8, one entry, map flags 0x80.
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x17)
# Freeze map r1 (command 0x16), then request an element delete (command 0x3)
# with a NULL key pointer on the now-frozen map.
bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000040)=r1, 0x4)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000140)={r1, 0x0}, 0x20)
# Read 4084 bytes of r0 starting at offset 0x7f.
pread64(r0, &(0x7f0000001b80)=""/4084, 0xff4, 0x7f)
# r2: NETLINK_XFRM (protocol 0x6) socket used by the sendmsg that follows.
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="0c0100001a0007000000000000000000ff020000000000000000000000000001e0000002000000000000000000000000ffff0000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff016300000000000000000000000001000000002b000000fc0000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000070000000000000000000000000000000000040000000000e80a000000000000000000000a000200700000000000000014000e00fe8000000000000000000000000000bb08000c0003000000"], 0x10c}}, 0x0)
# Open procfs 'net/route' and read up to 102372 bytes from offset 0xc2a,
# i.e. a read that starts in the middle of the generated table.
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r3, &(0x7f0000019340)=""/102372, 0x18fe4, 0xc2a)
executing program 2:
# First part of a program that writes procfs/KVM file contents into a
# sysctl via sendfile() and sets up two KVM VMs.
# r0: /proc/timer_list opened with flags 0x0.
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
# r1: the tcp_dsack sysctl opened with flags 0x1 (write-only).
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0)
# Copy 0xa bytes from timer_list (offset 0x8c) into the sysctl file.
sendfile(r1, r0, &(0x7f00000000c0)=0x8c, 0xa)
socket$nl_generic(0x10, 0x3, 0x10)
# bpf() command 0x5 (program load): prog_type field 0x12, 4 instructions.
# Result unused.
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x30}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
# r2: AF_NETLINK (0x10) socket, type 0x3, protocol 0x0.
r2 = socket(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
# Three opens of the KVM device with different flags (0x0, 0x41, 0xa441).
# The path argument is not spelled out in the listing.
# NOTE(review): presumably the description's default path - confirm.
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0)
# r5 and r7: two separate VMs, created from r3 and r6.
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r6 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa441, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r7, 0x4038ae7a, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0})
# Inject a raw 0x6e-byte Ethernet frame: destination aa:aa:aa:aa:aa:aa,
# ethertype 0x0800 (IPv4).
syz_emit_ethernet(0x6e, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000008004500006000000000000190780a010101ac1414aa05019078e000000241a00004000000000289000064010101e0000002441c9571ac1e0101000020000a0136edfddc0401ac1414aa000000034414445364010100000000090a010101fffffffd5ba7facf43a528becaefd68d30d4a1c0cba388b467aaee1c1848d03b851185b4ee"], 0x0)
# Second sendfile into the sysctl, this time from KVM fd r4, with offset
# 0xffffffff80000000 and count 0xffff.
sendfile(r1, r4, &(0x7f00000001c0)=0xffffffff80000000, 0xffff)
# CPU setup helper called with -1 for both fd arguments, so it has no
# valid VM/VCPU to operate on.
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000140)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c0d23266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x34e, &(0x7f0000000780)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00cd04", 0x318, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x5a, 0x1, 0x0, 0x0, [{0x3, 0xa, "a78c000005dc8080a2030003004003493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af0502"}, {0x0, 0x2000000000000199, "000005000000000026000400"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf3915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea468000000000054740a5d4901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2bce9ac946a3f0e2bc4000091394c02bcfbbb7d71138537d68e2d2c6393a9f3cc271a9ff09a48b5b303f4f0"}, {0xe, 0x7, "b8a3e10000a3e1100000006f00ffc0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}, {0x0, 0xc, "5e14ccb44d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d260600aa89c8f267d76ece1c9f6ae2e1eb3d8bf9c6ab2642c4808298e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c"}]}}}}}}, 0x0)
sendmsg$nl_generic(r2, &(0x7f00000007c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000780)={&(0x7f0000000480)={0x2f4, 0x3d, 0x2, 0x70bd25, 0x25dfdbfe, {0x3}, [@typed={0x8, 0xb6, 0x0, 0x0, @ipv4=@loopback}, @generic="53df40a1ea48bf9984b85f81865ec901fb28fcf38bbfa44586ec2338fee94ddbd5f44d0b6cf4b63c38dfc1986224eeb85144969d4dc760149335f1a210a5b86648665bd7cd83d51a1bb77325008a40a082f0b0fa9d8a32", @generic="fdc3477b", @nested={0xc, 0x8f, 0x0, 0x1, [@typed={0x8, 0x63, 0x0, 0x0, @str=')#%\x00'}]}, @nested={0x1e6, 0x3f, 0x0, 0x1, [@generic="69ed443c8e0ebb21aa725d25727ee72b407e6c589b4e2c4aa7eea18a9f62985f7171720b95d8bc242c5abe05b22ff7d169799489aae0e4c240e6df121c5ed50a8efb618a0f4ee397a5d8595c79593be546e290e54b14d76265659ffca326f42e3dbb49b1b72707505e8903a3f7aead50fd31ce8d1d08d04449c4cc0d5cc1b2801bf45fe751376a83a9d5ad378a36db78e8e5e736661f6ca8c62bfc88055f7195a043d2", @typed={0x45, 0x4, 0x0, 0x0, @binary="ab07471cebdac91e78dc4dcc154fd2048347cdffc4dad6f579eb6a357970a40a3943eb5c85477cefab86f7d54d0b167ab83e3791514f30f870027dafbfdae947b9"}, @generic="d5889fa31f02d3eda4145bf5df74add329ead6b5066c57550d855fe1cd3a68e3f905d79e00e4783cbebde00b9f441cf44e6767d2217e3d1d542b3402e51dae2c6521816e8cfd528df4ec4e273986a83c8bbc1029853adb29c4e01c2c352bcf1987205a40044a967284b68168a16aff03de88cbedf1a7b66727536dac6a13b42499e9e8a63905ee24847ca05558375c499d2b058d24d4ccee8535754cc57462344eb51d6edfe501360862b81784f1800d3aaa118701b5bf23e2e777911eb327bc7cd00432", @generic="195d3c3d4801adb7089830edf070526ca3b244243216bf5e5e8e54fa71c9fe7a6bcc062dceab00cbcd6813e484e02328e00ac8"]}, @generic="0fb90865a29d772b2ede56c4f056aa64fac72aaf48d7681b5400ec2978b48ec88a9d0fd740460dda46bd80fd6cff0a67e8f7c91f195cb707751872c8158e933d7d2213669c10ef25b18721cdd9d5d0992dd7cc1c835b0800666d0ec9100a9b989f0dc4d03b11a87f93b22458ba44e6f0c4f97e7fb28232c1b20223da04ef9749abcd29558c543f15"]}, 0x2f4}, 0x1, 0x0, 0x0, 0x48001}, 0x880)
# Tail of the program: r5 is the VM fd created earlier with KVM_CREATE_VM.
# Create the in-kernel PIT, a VCPU (r8), then set PIT channel state.
ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000040))
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x20000, 0x4}]})
# A btrfs ioctl issued on the KVM VM fd (mismatched fd type).
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r5, 0xc400941d, &(0x7f0000000800)={0x0, 0xfff, 0x4})
# Memory region: slot 0x0, flags 0x0, guest physical address 0x0, size
# 0x2000, backed by the 0x2000-byte mapping at 0x7f0000000000.
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
# Load general-purpose register state into VCPU r8.
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x20000000, 0x440, 0x4000000002, 0x0, 0x0, 0x2004cb, 0x3, 0x0, 0x0, 0x0, 0xfffffffffffff2a4, 0x2000, 0x2], 0x0, 0x200306})
# An f2fs ioctl issued on the KVM VM fd (mismatched fd type).
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r5, 0xf502, 0x0)
# AF_UNIX socketpair with type 0x0; the resulting fds are not captured.
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
# r9: the current directory, then FS_IOC_FSSETXATTR with first field 0x8.
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r9, 0x401c5820, &(0x7f0000000080)={0x8})
# Create './file0' with mode 0x0.
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
executing program 2:
# Creates a file node, sends an nftables batch, then tries to execve() the
# node that was just created.
# Mode 0x8fff: file-type bits 0x8000 plus all twelve permission bits;
# device number 0x0.
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
# r0: netlink socket with protocol 0xc (netfilter).
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
# Open the ALSA control device, then pass 0xfffffffffffffffd as the ioctl
# argument pointer (not a mapped address in this listing).
r1 = syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r1, 0x800455d1, 0xfffffffffffffffd)
# Raw nftables batch of 0x122 bytes. The ASCII strings visible in the hex
# are the object name "syz0" (73797a30) and the expression names "numgen"
# (6e756d67656e) and "fib" (666962).
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x11, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002400000000308000140000000120800034000000000080003400000000a"], 0x122}}, 0x4008090)
# execve of './file0' with a NULL argv and a two-entry envp.
execve(&(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000980)={[&(0x7f00000005c0)='syz1\x00', &(0x7f0000000600)='LED\x00']})
executing program 2:
# Creates a bridge link over rtnetlink, then binds an AF_PACKET socket and
# sends a short frame whose ethertype bytes are 0x8100.
# r0: AF_NETLINK (0x10) socket, type 0x3, protocol 0x0.
r0 = socket(0x10, 0x3, 0x0)
# Netlink send with a NULL iovec base and length 0x54.
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x54}}, 0x0)
# getsockname() is typed as a packet-socket call but r0 is a netlink
# socket; r1 captures whatever lands in the sockaddr_ll ifindex position.
# NOTE(review): for AF_NETLINK that offset is presumably nl_pid - confirm.
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
# Raw rtnetlink message: nlmsg_len 0x44, nlmsg_type 0x10 (RTM_NEWLINK), r1
# in the ifinfomsg index field, and a nested attribute 0x12 whose kind
# string is "bridge" (627269646765).
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010000104001007fb5c360dff9fe30000", @ANYRES32=r1, @ANYBLOB="0100000000000000240012000c000100627269646765000e1400020008"], 0x44}}, 0x0)
# r2: AF_PACKET (0x11) raw socket, protocol 0x300.
r2 = socket$packet(0x11, 0x3, 0x300)
# Overlay mount request with only an upperdir option (no lowerdir/workdir)
# and NULL source and filesystem-type pointers.
mount$overlay(0x0, &(0x7f0000000500)='./file1/file0\x00', 0x0, 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file1'}}]})
# r3: second netlink socket (type 0x2, protocol 0x6), used the same way as
# r0 to obtain r4.
r3 = socket(0x10, 0x2, 0x6)
sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x128}}, 0x0)
getsockname$packet(r3, &(0x7f00000001c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xa3)
# Bind the packet socket using r4 as the interface index.
bind$packet(r2, &(0x7f00000000c0)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)
# Send on the packet socket: 14 literal bytes are given but the length
# argument is 0x36; bytes 12-13 of the buffer are 0x8100.
sendto$inet6(r2, &(0x7f0000000100)="0503460008003e00000002008100", 0x36, 0x0, 0x0, 0x0)
executing program 33:
# Logged as program 33; the calls are the bridge-link / packet-socket
# sequence: two netlink sockets supply values for an RTM_NEWLINK request
# and a packet-socket bind, with an overlay mount attempt in between.
# r0: AF_NETLINK socket (family 0x10, type 0x3, protocol 0x0).
r0 = socket(0x10, 0x3, 0x0)
# The iovec has a NULL base pointer and a length of 0x54.
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x54}}, 0x0)
# r1 is taken from the ifindex slot of a sockaddr_ll layout, although the
# socket queried is a netlink socket.
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
# nlmsg_len 0x44, nlmsg_type 0x10 (RTM_NEWLINK); the blob contains the
# ASCII kind string "bridge" and r1 is spliced in as the interface index.
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010000104001007fb5c360dff9fe30000", @ANYRES32=r1, @ANYBLOB="0100000000000000240012000c000100627269646765000e1400020008"], 0x44}}, 0x0)
# r2: raw AF_PACKET socket (family 0x11, type 0x3, protocol 0x300).
r2 = socket$packet(0x11, 0x3, 0x300)
# Overlay mount on './file1/file0' with NULL source/type pointers and only
# 'upperdir=./file1' in the option string.
mount$overlay(0x0, &(0x7f0000000500)='./file1/file0\x00', 0x0, 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file1'}}]})
# r3/r4: same pattern as r0/r1, on a netlink socket with type 0x2 and
# protocol 0x6; the address-length argument here is 0xa3.
r3 = socket(0x10, 0x2, 0x6)
sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x128}}, 0x0)
getsockname$packet(r3, &(0x7f00000001c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xa3)
# r4 is used as the interface index of the bind address.
bind$packet(r2, &(0x7f00000000c0)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)
# Length 0x36 is larger than the 14 bytes spelled out in the buffer, which
# ends with the two bytes 0x81 0x00.
sendto$inet6(r2, &(0x7f0000000100)="0503460008003e00000002008100", 0x36, 0x0, 0x0, 0x0)
executing program 4:
# Several calls in this program appear twice, once carrying the (async)
# flag and once without it, so the same operation can be in flight
# concurrently with its repeat.
# r0: AF_ALG (0x26) socket, bound twice to hash / hmac(sha256).
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) (async)
bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
# Open the KVM device twice; only the second fd is kept (r1).
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
# Raw kvm_msrs blob: count 1, MSR index 0x4b564d03 (bytes 03 4d 56 4b),
# first data byte 0x01.
# NOTE(review): looks like KVM's paravirtual steal-time MSR - confirm.
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"])
# Run the VCPU twice, one call asynchronous.
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
# accept() on the AF_ALG socket happens before any key is set; the
# ALG_SET_KEY call further down passes a NULL key of length 0.
accept$alg(r0, 0x0, 0x0)
# AF_UNIX socketpair of type 0x5; r4/r5 come from the second call.
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
# SO_ATTACH_FILTER (0x1a) on r5: a two-instruction classic BPF filter,
# opcode 0x28 with k=0xffffefff followed by opcode 0x6 with k=0.
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f00000000c0)=[{0x28, 0x0, 0x0, 0xffffefff}, {0x6}]}, 0x10) (async)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f00000000c0)=[{0x28, 0x0, 0x0, 0xffffefff}, {0x6}]}, 0x10)
# One empty message sent from r4 towards the filtered peer r5.
sendmmsg$unix(r4, &(0x7f0000002a00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
# KVM device opened with dirfd 0x0 instead of AT_FDCWD.
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
# The request number here is 0xae03, not the 0xae01 used by the
# KVM_CREATE_VM call above, and the argument is 0xa3.
ioctl$KVM_CREATE_VM(r6, 0xae03, 0xa3)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
# Two CAN J1939 sockets, both bound on 'vcan0' (ifindex r9 / r10) with
# different final address bytes (0xfd and 0xff).
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r9=>0x0})
bind$can_j1939(r8, &(0x7f00000000c0)={0x1d, r9, 0x2, {0x0, 0xf0, 0x3}, 0xfd}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r10=>0x0})
bind$can_j1939(r7, &(0x7f0000000100)={0x1d, r10, 0x2, {0x0, 0xf0, 0x1}, 0xff}, 0x18)
# r11: phonet pipe socket (family 0x23), accepted on twice at the end.
r11 = socket$phonet_pipe(0x23, 0x5, 0x2)
# bpf() command 0x5 (program load): prog_type 0x9, 4 instructions, license
# 'GPL'. Result unused.
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x3f}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
accept4(r11, 0x0, 0x0, 0x80800) (async)
accept4(r11, 0x0, 0x0, 0x80800)
executing program 4:
# Both DRM ioctls are issued on fd -1, so r0 and r1 keep the placeholder
# values shown in the listing unless a call unexpectedly succeeds.
# CREATEPROPBLOB: 0xd5-byte data buffer; r0 is the returned blob id slot.
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000000)={&(0x7f0000000180)="68a96afa847d161d36b84ba84b8334c825166945243d230faa260aeec66ff0ab1d140d5cb730f7178b38a503ab64bf7ebaa7dbae0a7512e4e10b3aed153ea6e3695d2e39973c648dc9a87699d04865fcd07de5227e64f916609f9bc4a6257b64b98d89cc4a227bfdd1437d84eed44a4494d6b725f88c7fcf4473ca4cc98308cea4b7c99770b70b2704dc56a68fbac4403eac6ccda37280c23f9e591d6d96a31843add97c6e79a3b3e2a6373418be08f1e0169022894230b901aff00611c24900db6e9c849ebfefcfcf4200c5a7f820e437ccb19211", 0xd5, <r0=>0x0})
# CREATE_LEASE: an 8-entry object id array (0x0 followed by r0 seven
# times); r1 is the lease fd slot.
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000280)=[0x0, r0, r0, r0, r0, r0, r0, r0], 0x8, 0x80000, 0x0, <r1=>0xffffffffffffffff})
# A conntrack-timeout netlink message sent on r1, the DRM lease fd slot.
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x4, 0x8, 0x101, 0x0, 0x0, {0x3, 0x0, 0x5}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x19}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0x0)
# Open a tty device and read the screen map (GIO_SCRNMAP) into a
# 109-byte buffer.
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$GIO_SCRNMAP(r2, 0x4b40, &(0x7f00000009c0)=""/109)
executing program 4:
# UDP / rtnetlink / splice sequence in which the pipe is never created
# (NULL argument) and the first UDP socket is closed before it is used.
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
# pipe() gets a NULL pointer, so no pipe fds are captured.
pipe(0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
# r0 is closed here but still passed to bind() and splice() below.
# NOTE(review): r1 may be assigned the same fd number - confirm at runtime.
close(r0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
# One message to @multicast1 port 0x4e20 with no iovec; the control buffer
# is a one-byte raw blob ('p') with a declared control length of 0x70.
sendmmsg$inet(r1, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
# SIOCGIFINDEX (0x8933): r4 receives the ifindex of 'syz_tun'.
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
# Raw rtnetlink message: nlmsg_len 0x20, nlmsg_type 0x11 (RTM_DELLINK),
# with r4 at byte offset 20 (the ifinfomsg index field).
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r4], 0x20}}, 0x0)
# Both the write and the splice source use fd -1 because no pipe exists.
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000240), 0xfffffecc)
splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x714f, 0x0)
executing program 0:
# Opening calls of a program that puts a TCPv6 socket into repair mode and
# feeds a socket-credential value into setresuid().
# r0: AF_INET stream socket with protocol 0x106 (MPTCP variant).
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
# AF_UNIX (0x1) socket of type 0x2; return value is not kept.
socket(0x1, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
# Enable TCP_REPAIR (level 0x6, option 0x13) on r1.
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000021c0)=0x1, 0x4)
# Generic setsockopt with an out-of-range option number and length; only
# the low bits of the option (0x9) fit an int.
setsockopt(r1, 0x1, 0x10000000000009, &(0x7f0000000100)="0100ddff", 0x507b420f2d51f971)
# connect() to @empty port 0xfffc while the socket is in repair mode.
connect$inet6(r1, &(0x7f0000000000)={0xa, 0xfffc, 0x7, @empty, 0x200}, 0x1c)
# Socket-level option 0x11 read into a credentials struct; r2 captures the
# second field.
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0xc)
# r2 is passed as the second (effective uid) argument.
setresuid(0x0, r2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000000000000bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff0000000035040000500000001d400200000000006504040000ffffffb4030000000000001d440000000000007a0a00fe000000000f03000000000000b5000000000000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af2542ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b1100886475923906f88b53987ad0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d64364f56e24e6d2128c7e0ec82770c8204a1ddeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7dfcb59b854e9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d3490dd97adab638cca595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8c83c3d8cbfedc038395342846e1b207974e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfcd7ad0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f9212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0000cf70a91c76e8b14de02b884114f244a9bf93f04bf072f
0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae315c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbad8508f7550cad7ec93af7fb1b50c75ba1ee7baa19faf67256b56a355b6a686ba99d0a8950f0937f778af083e055f5138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516466df3e7d1daac43738612e4fee18a22da19fcdb4c2811e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96735600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003ebfbdc1f9be78537756ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa8884000000000000000000000
00000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca311a28ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1e1979e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a508460f2d0455cf79a43746979f99f60037e84fb478199dc1020f4beb98b8074bf7df8b5e783637da7418fd3aa81cff202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adde305ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0d0274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1ecbf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cbf5d6b6898335792747588d49df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed4254332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d943622000000000000000000000000000000000000000000000000000000000000000000000000000000000000f112fc8a4942d7453cf29cbbef3a567ea0a2a8a0561dfb6cfe7f1812405e1a092b382adc0698c377b0a1f49afb6ba26f8e28cf68b0065857b36276931c318cb84f748a26c4d81a0322ce21e7d9c002006cf8ac6402e036cf9344a1cb1b8603276000144268a0aa584a92188f55318dde1d1b09319c00d0de3471ab4243ac0f49516a690c514ba6449f0a804fcac3f30bf4a933d32c889283aa092cca9aa349b624c5ed2b66fa0439f54f83c9ff8be083221609c8696433da46c91ac52e5b1d159daed1af0cda0ee05ae770a7ea467d5602b441e748b7f22496f
8453fb6b7cc2dd3a8ce15fd76387fc02d4e2b7b4502a80000000000000000000000000000000000000000e046c0756c0955a81165e4212a1a58334fe51269f228ad32fba2bdae0172278d3bb48c370f6b59c0c7ba9b0aaae317d3f8104fd696bc76268923c396b017003ddcd205c05311dcae277e5b0000000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
# Final calls of the program; r0 is the socket$inet_mptcp socket created
# at its start.
# One message with no iovec to 172.20.20.57 (@dev bytes ac.14.14.39) port
# 0x4e24; flags 0x24040890 include 0x20000000 (MSG_FASTOPEN).
sendmmsg$inet(r0, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, 0x0}}], 0x1, 0x24040890)
# arch_prctl request 0x1025 with feature number 0x12.
arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x1025, 0x12)
# Socket-level (0x1) integer option 0x3e set to 0x1 on r0.
setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f0000000140)=0x1, 0x4)
executing program 4:
# Watches the working directory with inotify and fanotify while a KVM VM
# has the same memory slot configured twice.
# r0: inotify instance watching '.' with mask 0xa4000021.
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f0000000400)='.\x00', 0xa4000021)
# Creating './file0' in the watched directory generates an event.
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
# Memory slot 0x0 with flags 0x1, guest physical address 0x0, size 0x2000.
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
# r3: directory fd for '.', used as the fanotify mark target.
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
# r4: fanotify group (init flags 0xf00), marked with flags 0x105 and
# mask 0x4800003a relative to r3.
r4 = fanotify_init(0xf00, 0x0)
fanotify_mark(r4, 0x105, 0x4800003a, r3, 0x0)
# Zero-length read with a NULL buffer on the fanotify fd.
read$FUSE(r4, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
# Same slot 0x0 set again after the VCPU exists: flags now 0x0 and guest
# physical address 0xdddd1000, same size and backing mapping.
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0xdddd1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
# Read up to 208 bytes of queued inotify events.
read(r0, &(0x7f0000000100)=""/208, 0xd0)
# Clone a child and wait with idtype 0x0, id 0x0 and options 0x4.
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, &(0x7f0000000240), 0x4, &(0x7f0000000040))
executing program 0:
r0 = syz_open_dev$usbfs(&(0x7f00000002c0), 0xc, 0x101b01)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522)
syz_open_dev$usbfs(&(0x7f0000000040), 0xc, 0x101600)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f00000000c0)={0x801484})
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r1, 0x0, 0xd1, &(0x7f0000000000)=0x3, 0x4)
executing program 4:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @initdev={0xac, 0x1e, 0xfd, 0x0}}}, 0x0, 0x0, 0x3f8, 0x5, 0x10, 0x63821132}, 0x9c) (async)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1400fbff3700010000000000000077bff4e3ad297bcc90dc7b3ef514b3c700000000000048455eb414cc06271f9f4d8d7e0817d5db7dc1f4c915242bf3a27497a8d247968c99a374b77ffde2755a0e907f"], 0x14}}, 0x0) (async)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000000)=0x29, 0x4) (async)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) (async)
close_range(r0, 0xffffffffffffffff, 0x0) (async)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) (async)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)={0x90000005}) (async, rerun: 32)
epoll_pwait(r5, &(0x7f0000000100)=[{}], 0x1, 0xfffeffff, 0x0, 0x443c000000000000) (rerun: 32)
connect$unix(r3, &(0x7f0000000140)=@abs, 0x6e) (async)
lseek(r2, 0x1fffffffd, 0x2) (async, rerun: 64)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34c8, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async, rerun: 64)
getdents64(r2, &(0x7f0000000280)=""/87, 0xfffffffffffffe99)
r6 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
write$qrtrtun(r6, &(0x7f0000000340)="6a0cc193beb70a52", 0x8)
ioctl$UI_ABS_SETUP(r6, 0x401c5504, &(0x7f0000000300)={0x6, {0x8000, 0x9, 0x7f, 0x325d, 0x8, 0x8}})
executing program 0:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
pipe(&(0x7f0000000d00)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
close(r2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r6], 0x20}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x714f, 0x0)
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000050000f58d"])
r4 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xff58)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r6, 0x0, 0x9}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
syz_usb_disconnect(r4)
r7 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[], 0x0)
syz_usb_control_io$hid(r7, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r7, 0x82, 0xa8, &(0x7f0000000040)=ANY=[])
r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r8, 0x0, 0x0)
executing program 1:
r0 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r1, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000380)={r2, 0x0, 0x1ff, 0x0, 0x0, [<r3=>0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x20000000, 0x100, 0xd], [0x1000010000000, 0x0, 0x7fffffffffffffff]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r3, 0x0, <r4=>0xffffffffffffffff})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r5, 0xc0bc5351, &(0x7f0000000000)={0x97, 0x0, 'client1\x00', 0x4, "e07fd187e36823c5", "d969d205213edd5063b70042ff0d395b1d75a50b05e5e7d5a8bd20f7a444d1e8", 0x2, 0x100})
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4, 0x13, r4, 0x0)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_print_times', 0x149a82, 0x0)
setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000240)={0x8000, {{0x2, 0x4e20, @multicast1}}, 0x1, 0x5, [{{0x2, 0x4e22, @rand_addr=0x64010102}}, {{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x36}}}, {{0x2, 0x4e22, @rand_addr=0x64010101}}, {{0x2, 0x4e24, @rand_addr=0x64010100}}, {{0x2, 0x4e21, @loopback}}]}, 0x310)
sendfile(r1, r1, 0x0, 0x5)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="340000001000810526bd700000000000000000003cbe13e851729052f8e356002c106091bbe642336f588223c1159db394179aa6c166f08fe67e9b879920a4f73d238e286095ae2e23428f61e25a5d4f1dc98d8fe21d07e6e7f489955044015ec7053aba565cc55ef62526a61cf803bad3132d59a471e01c4c603ea6e5a0f733e8af6eff8803e5820e542acd25a2cb7af9a1dfb0914a4ea7fdde0ef3be08ec1fec165fabbd787fa133e1d6fe359d7d5e688bae6b3759", @ANYRES32=0x0, @ANYBLOB="022000002000000014001280090001007663616e0000000004000280"], 0x34}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
executing program 1:
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='highspeed\x00', 0xa)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a)
mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, 0x0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2b00b8, &(0x7f00000002c0)={[{@huge_never}]})
sendto$inet6(r0, &(0x7f0000000240)=':', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
shutdown(r0, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000300)=ANY=[@ANYRES8=r1, @ANYRES32=r1, @ANYBLOB="00000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffff4aae048f0008000000b704000000000000850000005900000095", @ANYRESDEC=r1, @ANYRESHEX=r0], 0x0, 0x0, 0xfffffffffffffefe, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1}, 0x0, &(0x7f0000000040)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r2}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
executing program 5:
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x54}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010000104001007fb5c360dff9fe30000", @ANYRES32=r1, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket(0x10, 0x2, 0x6)
sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x128}}, 0x0)
getsockname$packet(r3, &(0x7f00000001c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xa3)
bind$packet(r2, &(0x7f00000000c0)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)
sendto$inet6(r2, &(0x7f0000000100)="0503460008003e00000002", 0xb, 0x0, 0x0, 0x0)
executing program 1:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_int(r0, 0x6, 0x19, 0xfffffffffffffffd, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
open$dir(&(0x7f0000000080)='./file1\x00', 0x22240, 0x82)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'ipvlan1\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="300000001c000104000000000000000002000000", @ANYRES32=r2, @ANYBLOB="100000000a00010001"], 0x30}}, 0x4)
mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file1/file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000001180)='./bus\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
fcntl$setstatus(r3, 0x4, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r5, &(0x7f0000000140)="96", 0x1, 0x1, &(0x7f0000000240)={0xa, 0x0, 0x0, @private2}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r5, 0x84, 0x1e, &(0x7f0000000000)=0x6, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r6, 0x541b, &(0x7f0000000040)={<r7=>0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000})
close_range(r7, 0xffffffffffffffff, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r8, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
recvmmsg(r4, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x1, 0x0)
bind$inet6(r8, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x4c, &(0x7f0000000340)=ANY=[@ANYBLOB="0180c2000000ece65fbcee556f7efb71f58876cd3b3d3dbe8b86dd6001010000161100fe8000000000000000000000000000bbfe8000000000000000000000000040aa00030e2200169078020300147d4230c3fab60000000000ffb00afe4e700c0e38f3462223f9d3d266ce6a88f5ece32999179ff5282761706c220cf10957fdc720dac3a2f7fed3d0"], 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r9, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f0000000400)='.\x00', 0xa4000021)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r4 = fanotify_init(0xf00, 0x0)
fanotify_mark(r4, 0x105, 0x4800003a, r3, 0x0)
read$FUSE(r4, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0xdddd1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
read(r0, &(0x7f0000000100)=""/208, 0xd0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, &(0x7f0000000240), 0x4, &(0x7f0000000040))
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r1, 0x1, 0x0, 0x0, {{}, {0x0, 0x410c}, {0x4c, 0x14, {0xd, @link='broadcast-link\x00'}}}}, 0x68}}, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_BSS(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x2c, r5, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0xc}, @NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24008880}, 0x4044000)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'})
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c)
r7 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r7, 0x4028700f, &(0x7f0000000140)={0x6, 0x0, {0x20, 0x37, 0x9, 0x10, 0x2, 0xee6d, 0x0, 0xf7, 0x1}})
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @local, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}, @local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x38}, @local}}}}, 0x0)
executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x2, 0x3, 0x101, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x26}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x4)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=@newlink={0x3c, 0x10, 0x401, 0x70bd2a, 0x2000, {0x0, 0x0, 0x0, 0x0, 0x20520, 0x41811}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FLAGS={0x8, 0x8, 0x9}]}}}]}, 0x3c}, 0x1, 0xd, 0x0, 0x31d12d490dcd105d}, 0x0)
r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000040)={'tunl0\x00', <r3=>0x0, 0x700, 0x1, 0x7, 0x2, {{0x22, 0x4, 0x1, 0x7, 0x88, 0x67, 0x0, 0x0, 0x3c, 0x0, @broadcast, @multicast2, {[@timestamp={0x44, 0x14, 0xba, 0x0, 0x8, [0x9, 0xae71, 0x7, 0x80000000]}, @generic={0x82, 0x3, "df"}, @timestamp_addr={0x44, 0x2c, 0x6d, 0x1, 0x3, [{@multicast1, 0xc}, {@local, 0x7}, {@remote, 0x1}, {@multicast2, 0xfffffff6}, {@multicast1, 0x7}]}, @noop, @rr={0x7, 0x1f, 0x40, [@loopback, @loopback, @rand_addr=0x5, @remote, @loopback, @remote, @dev={0xac, 0x14, 0x14, 0x41}]}, @end, @noop, @timestamp={0x44, 0xc, 0xb7, 0x0, 0x5, [0x1, 0x8001]}]}}}}})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0xffffffffffffffff, <r4=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f00000001c0)}, 0x20)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x20, 0x0, 0x2, 0x70bd2a, 0x25dfdbf8, {}, [@NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x4000004}, @NL80211_ATTR_WIPHY_DYN_ACK={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x80d0}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r5, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r6, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r7}, @void}}}, 0x28}}, 0x0)
r8 = memfd_secret(0x80000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r8, 0x0)
write$dsp(r8, &(0x7f0000000980)="7cbf9e4d1d6fde9c09b130a44e5b8ecb627f9fa8a83161af921a2fc521249a6fd76c923a7be23727a5837f751a61090a89b906a0f318983502ee4f027e15beff7636aeb3422db5efcdaf4529ee39e605d6d9455b77558e991d6e70644d39b2fcab21d243e3", 0x65)
r9 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ppoll(&(0x7f00000000c0)=[{r9, 0x600}, {r9, 0x9411}], 0x2, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000680)={'\x00', 0x0, 0x0, {0xfffffffffffffff5, 0xffff}, {0x6, 0x2}, 0xab4, [0x5, 0x7b, 0x3, 0x4000000005, 0x3ff, 0x66, 0x5, 0x5f, 0x8, 0x9, 0x10, 0xa, 0x6, 0xffdffffffffffff7, 0x621, 0xe4]})
r10 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000000), 0x169101, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r10, &(0x7f0000000940)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000007c0)={&(0x7f00000008c0)={0x4c, r6, 0x800, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0xffffffff, 0x6b}}}}, [@NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_4ADDR={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x80)
ioctl$DRM_IOCTL_GEM_FLINK(r10, 0xc008640a, &(0x7f0000000180))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xdf}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r2)
add_key(&(0x7f0000002100)='asymmetric\x00', 0x0, &(0x7f00000008c0)="3080", 0x2, 0xfffffffffffffffe)
sendmsg$NL80211_CMD_GET_SURVEY(r11, &(0x7f0000000640)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x20, r12, 0x300, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2, 0x48}}}}, ["", "", ""]}, 0x20}}, 0x8004)
write$selinux_load(r2, &(0x7f0000000340)={0xf97cff8c, 0xfffffc61, 'SE Linux', "2d185423bfe87441073ad81995e2e017757d2bb640bf334b37e07ae0bcc9ec62517dcd95d85d8f5da5864300000000000000000000001efcdbedc0e752c7da3e0f4e6c982e1988b79fd3d45895e752f7cddd7868cc66e4c7bbd1d1e89a5f73d89d87da9f9013416e05979e059240b9bf9e28712b13216ff851b8f326b742cf6bb2062f0c08a7e182ccee69d7bd0442b54d0dec581cbb20cedba35140c292214fd05f879ef3cc5f5c6a9a49007efdcf12c1d239e01fb495e400e4945be7ce34315c370190c35295aeb8d8f4b4c906a4d9ed7d7221ecec261073b213cdcabff1daacc9c1e7d3b549eea4a5fe43d7a114567fb336940d350d1a700aee3c5dd90c8fb2f16cbc64132452ecba0b7db005962797b6ebf6e2bcd94beaa2969e59d7beea9eca5a55f27168796206e56437b38f31c571fcd2bf9c9ab579a082fad478170d6d3ae33aa1b94149e36976189dad80f5dc7eca161347da39ab87ac3a708e6e494e3880a361eba89831fd1905f62de6d934077b0ff15a348eb25fecb5b3acffc1ff7a9cb4a2112e4c3f27a1df45e0b16ed658e64fd32ff2ae21cf9b35657b86bbd17760e78d774b0c2eb0a78e34d70dcffb580dc332af99b05208707a1357c8e2409ca66d70e59882b2d3fed8df64a4d6a0881345ac2e7d9728480cb358c05e22615c2c55018bdf2356e459456f2b8fa5f1dd48805d940bbaaaee01a4885da7c3a25bf6ce854b052fb812d9d76ce53b87ea201bb6c90e18b6c952f8def7d63f881ffbdb12cf8295ed3214a0305bef5cef65e3ad4c22c4b1e0f6537cb12a01d41b1d"}, 0x20)
executing program 0:
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSCTTY(r3, 0x540e, 0x9)
connect$llc(r2, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @local}, 0x10)
getpeername$llc(r2, 0x0, 0x0) (async)
getpeername$llc(r2, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) (async)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom0\x00', 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r6, 0x1, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x22}]}, 0x28}, 0x1, 0x0, 0x0, 0x84}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x400, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r4, 0x500}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000804}, 0x8000)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r8=>r0, {0x1}}, './file0\x00'})
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0) (async)
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0)
r9 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0x8, 0xd, 0x5, 0x6850c, r8, 0x8000, '\x00', r4, 0xffffffffffffffff, 0x1, 0x5, 0x5, 0xffffffffffffffff, @value=r9, @void, @void, @value}, 0x50) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0x8, 0xd, 0x5, 0x6850c, r8, 0x8000, '\x00', r4, 0xffffffffffffffff, 0x1, 0x5, 0x5, 0xffffffffffffffff, @value=r9, @void, @void, @value}, 0x50)
bind$llc(r2, &(0x7f00000002c0)={0x1a, 0x302, 0x3, 0x0, 0x5, 0x0, @broadcast}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
add_key(0x0, 0x0, &(0x7f0000000100)="305c0605e182d1447ad1ad837003", 0xe, 0xfffffffffffffffe) (async)
add_key(0x0, 0x0, &(0x7f0000000100)="305c0605e182d1447ad1ad837003", 0xe, 0xfffffffffffffffe)
syz_emit_ethernet(0x52, &(0x7f0000000340)=ANY=[@ANYRES32=r7, @ANYRESHEX=r1, @ANYRESOCT=r6, @ANYRESDEC=r7, @ANYRESHEX=r1, @ANYRES8], 0x0) (async)
syz_emit_ethernet(0x52, &(0x7f0000000340)=ANY=[@ANYRES32=r7, @ANYRESHEX=r1, @ANYRESOCT=r6, @ANYRESDEC=r7, @ANYRESHEX=r1, @ANYRES8], 0x0)
r10 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='H'], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) (async)
r11 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r10, r11, r10}, &(0x7f00000000c0)=""/83, 0xffffffffffffff02, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) (async)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) (async)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
dup(r13)
executing program 5:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r0, &(0x7f00000003c0)=[{0x5, 0x61, 0x0, 0x0, @time, {}, {}, @result}], 0x1c)
executing program 0:
r0 = socket$kcm(0x10, 0x2, 0x0) (async)
r1 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) (async)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x11, r1, 0x0) (async)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0) (async)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000001c0)="0600000000000000040f46ecdb4cb9cca705000000000000e3bd6efb3401e0469472e3bca8f3f7daf67cd84e2921347f4a3ba023adce64860b948e7c1816f1b5def2dfa0c546de52673ebfccf7d0ee4f9c1ca9ebbc63c1e82513d25ecae9f14a3884910ebd9ece0ce912b9d198c9cb5056845679f22f8dcc7c11509711fa52cd4062184b5bdb2a4d14dba89367fcf2bb9ab3bb92c1daaf2c8ffd4575", 0x9c}], 0x1, 0x0, 0x0, 0xc9e}, 0x80)
executing program 5:
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x2, 0x2, 0x2})
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80042, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xe)
ioctl$TCFLSH(r2, 0x540b, 0x2)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r1}, 0x8)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000240)='mmap_lock_acquire_returned\x00', r3}, 0x18)
r4 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000940)=0x28, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x400ad80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c)
sendmmsg$inet6(r4, &(0x7f00000012c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000100)={0xa, 0x4e22, 0x81, @loopback, 0xd28}, 0x1c, &(0x7f00000004c0)=[{0x0}], 0x1}}], 0x2, 0x0)
getsockopt$inet_mptcp_buf(r1, 0x11c, 0x3, &(0x7f00000003c0)=""/106, &(0x7f0000000440)=0x6a)
setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r1, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14", 0x3}], 0x1}}], 0x1, 0x20008000)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000380)={0x2, @sdr})
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)
gettid()
executing program 1:
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x54}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010000104001007fb5c360dff9fe30000", @ANYRES32=r1, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket(0x10, 0x2, 0x6)
sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x128}}, 0x0)
getsockname$packet(r3, &(0x7f00000001c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xa3)
bind$packet(r2, &(0x7f00000000c0)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)
sendto$inet6(r2, &(0x7f0000000100)="0503460008003e00000002", 0xb, 0x0, 0x0, 0x0)
executing program 5:
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="d8000000140081044e81f782db44b9040a1d08020a000000040000a118000200fe80ffff00000e1208000f0100810401a80016ea1f000b400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
mount(&(0x7f00000006c0)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='hpfs\x00', 0x204001, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING-gettid
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)
gettid()

program crashed: WARNING: refcount bug in p9_req_put
single: successfully extracted reproducer
found reproducer with 7 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program crashed: WARNING: refcount bug in p9_req_put
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
fsopen(&(0x7f0000000340)='afs\x00', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc)
r1 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
socket$netlink(0x10, 0x3, 0xa)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid}]}})
r0 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, <r0=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r0}}]}})
r1 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000000080))
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid}]}})
r1 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, 0x0)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), 0x0, &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, 0x0)
r1 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, 0x0, &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='so\xf5rce', 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
program did not crash
simplifying guilty program options
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-socket$netlink-getsockopt$sock_cred-mount$9p_virtio-fsopen-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0xa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000400)={'trans=virtio,', {[{@access_uid={'access', 0x3d, r1}}]}})
r2 = fsopen(&(0x7f0000000340)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='so\xf5rce', &(0x7f0000000280)='source', 0x0)

program did not crash
reproducing took 44m15.84646991s
repro crashed as (corrupted=false):
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 3 PID: 86 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Modules linked in:
CPU: 3 UID: 0 PID: 86 Comm: kworker/u32:5 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Code: ff 89 de e8 48 f5 df fc 84 db 0f 85 66 ff ff ff e8 5b fa df fc c6 05 50 58 b4 0b 01 90 48 c7 c7 60 24 15 8c e8 07 bf 9e fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 38 fa df fc 0f b6 1d 2b 58 b4 0b 31
RSP: 0018:ffffc900006f8d90 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ae248
RDX: ffff888022eb8000 RSI: ffffffff817ae255 RDI: 0000000000000001
RBP: ffff888039f44888 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888039f44888
R13: ffff888052344800 R14: 0000000000000015 R15: 1ffff1100458800c
FS:  0000000000000000(0000) GS:ffff8880d6a53000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f88ffd10f98 CR3: 000000000e382000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __refcount_sub_and_test include/linux/refcount.h:400 [inline]
 __refcount_dec_and_test include/linux/refcount.h:432 [inline]
 refcount_dec_and_test include/linux/refcount.h:450 [inline]
 p9_req_put+0x1ec/0x250 net/9p/client.c:404
 req_done+0x1dc/0x2e0 net/9p/trans_virtio.c:147
 vring_interrupt drivers/virtio/virtio_ring.c:2715 [inline]
 vring_interrupt+0x31e/0x400 drivers/virtio/virtio_ring.c:2690
 __handle_irq_event_percpu+0x229/0x7d0 kernel/irq/handle.c:158
 handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
 handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210
 handle_edge_irq+0x28e/0xab0 kernel/irq/chip.c:789
 generic_handle_irq_desc include/linux/irqdesc.h:173 [inline]
 handle_irq arch/x86/kernel/irq.c:254 [inline]
 call_irq_handler arch/x86/kernel/irq.c:266 [inline]
 __common_interrupt+0xdf/0x250 arch/x86/kernel/irq.c:292
 common_interrupt+0xba/0xe0 arch/x86/kernel/irq.c:285
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:36 [inline]
RIP: 0010:native_write_msr arch/x86/include/asm/msr.h:139 [inline]
RIP: 0010:wrmsrq arch/x86/include/asm/msr.h:199 [inline]
RIP: 0010:native_x2apic_icr_write arch/x86/include/asm/apic.h:233 [inline]
RIP: 0010:__x2apic_send_IPI_shorthand arch/x86/kernel/apic/x2apic_phys.c:92 [inline]
RIP: 0010:x2apic_send_IPI_allbutself+0x21/0x40 arch/x86/kernel/apic/x2apic_phys.c:97
Code: 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 89 f8 83 ff 02 74 29 0d 00 00 0c 00 89 c6 0f ae f0 0f ae e8 b9 30 08 00 00 31 d2 0f 30 <66> 90 c3 cc cc cc cc 31 d2 bf 30 08 00 00 e9 bc 27 a6 03 be 00 04
RSP: 0018:ffffc9000167f860 EFLAGS: 00000246
RAX: 00000000000c00fc RBX: ffff88806a73cf50 RCX: 0000000000000830
RDX: 0000000000000000 RSI: 00000000000c00fc RDI: 00000000000000fc
RBP: 0000000000000003 R08: 0000000000000000 R09: ffffed100d4e79ea
R10: ffff88806a73cf57 R11: 0000000000000001 R12: ffffed100d4c874c
R13: 0000000000000000 R14: ffff88806a73cf50 R15: ffff88806a73cf40
 kvm_smp_send_call_func_ipi+0x1e/0x250 arch/x86/kernel/kvm.c:640
 arch_send_call_function_ipi_mask arch/x86/include/asm/smp.h:100 [inline]
 send_call_function_ipi_mask kernel/smp.c:127 [inline]
 smp_call_function_many_cond+0xc1e/0x1510 kernel/smp.c:869
 on_each_cpu_cond_mask+0x40/0x90 kernel/smp.c:1052
 on_each_cpu include/linux/smp.h:71 [inline]
 smp_text_poke_sync_each_cpu arch/x86/kernel/alternative.c:2660 [inline]
 smp_text_poke_batch_finish+0x5ae/0xdb0 arch/x86/kernel/alternative.c:2932
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 jump_label_update+0x376/0x550 kernel/jump_label.c:919
 static_key_enable_cpuslocked+0x1b7/0x270 kernel/jump_label.c:210
 static_key_enable+0x1a/0x20 kernel/jump_label.c:223
 toggle_allocation_gate mm/kfence/core.c:850 [inline]
 toggle_allocation_gate+0xfa/0x280 mm/kfence/core.c:842
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d7/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	90                   	nop
   2:	90                   	nop
   3:	90                   	nop
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	90                   	nop
   9:	f3 0f 1e fa          	endbr64
   d:	89 f8                	mov    %edi,%eax
   f:	83 ff 02             	cmp    $0x2,%edi
  12:	74 29                	je     0x3d
  14:	0d 00 00 0c 00       	or     $0xc0000,%eax
  19:	89 c6                	mov    %eax,%esi
  1b:	0f ae f0             	mfence
  1e:	0f ae e8             	lfence
  21:	b9 30 08 00 00       	mov    $0x830,%ecx
  26:	31 d2                	xor    %edx,%edx
  28:	0f 30                	wrmsr
* 2a:	66 90                	xchg   %ax,%ax <-- trapping instruction
  2c:	c3                   	ret
  2d:	cc                   	int3
  2e:	cc                   	int3
  2f:	cc                   	int3
  30:	cc                   	int3
  31:	31 d2                	xor    %edx,%edx
  33:	bf 30 08 00 00       	mov    $0x830,%edi
  38:	e9 bc 27 a6 03       	jmp    0x3a627f9
  3d:	be                   	.byte 0xbe
  3e:	00                   	.byte 0x0
  3f:	04                   	.byte 0x4

final repro crashed as (corrupted=false):
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 3 PID: 86 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Modules linked in:
CPU: 3 UID: 0 PID: 86 Comm: kworker/u32:5 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Code: ff 89 de e8 48 f5 df fc 84 db 0f 85 66 ff ff ff e8 5b fa df fc c6 05 50 58 b4 0b 01 90 48 c7 c7 60 24 15 8c e8 07 bf 9e fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 38 fa df fc 0f b6 1d 2b 58 b4 0b 31
RSP: 0018:ffffc900006f8d90 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ae248
RDX: ffff888022eb8000 RSI: ffffffff817ae255 RDI: 0000000000000001
RBP: ffff888039f44888 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888039f44888
R13: ffff888052344800 R14: 0000000000000015 R15: 1ffff1100458800c
FS:  0000000000000000(0000) GS:ffff8880d6a53000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f88ffd10f98 CR3: 000000000e382000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __refcount_sub_and_test include/linux/refcount.h:400 [inline]
 __refcount_dec_and_test include/linux/refcount.h:432 [inline]
 refcount_dec_and_test include/linux/refcount.h:450 [inline]
 p9_req_put+0x1ec/0x250 net/9p/client.c:404
 req_done+0x1dc/0x2e0 net/9p/trans_virtio.c:147
 vring_interrupt drivers/virtio/virtio_ring.c:2715 [inline]
 vring_interrupt+0x31e/0x400 drivers/virtio/virtio_ring.c:2690
 __handle_irq_event_percpu+0x229/0x7d0 kernel/irq/handle.c:158
 handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
 handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210
 handle_edge_irq+0x28e/0xab0 kernel/irq/chip.c:789
 generic_handle_irq_desc include/linux/irqdesc.h:173 [inline]
 handle_irq arch/x86/kernel/irq.c:254 [inline]
 call_irq_handler arch/x86/kernel/irq.c:266 [inline]
 __common_interrupt+0xdf/0x250 arch/x86/kernel/irq.c:292
 common_interrupt+0xba/0xe0 arch/x86/kernel/irq.c:285
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:36 [inline]
RIP: 0010:native_write_msr arch/x86/include/asm/msr.h:139 [inline]
RIP: 0010:wrmsrq arch/x86/include/asm/msr.h:199 [inline]
RIP: 0010:native_x2apic_icr_write arch/x86/include/asm/apic.h:233 [inline]
RIP: 0010:__x2apic_send_IPI_shorthand arch/x86/kernel/apic/x2apic_phys.c:92 [inline]
RIP: 0010:x2apic_send_IPI_allbutself+0x21/0x40 arch/x86/kernel/apic/x2apic_phys.c:97
Code: 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 89 f8 83 ff 02 74 29 0d 00 00 0c 00 89 c6 0f ae f0 0f ae e8 b9 30 08 00 00 31 d2 0f 30 <66> 90 c3 cc cc cc cc 31 d2 bf 30 08 00 00 e9 bc 27 a6 03 be 00 04
RSP: 0018:ffffc9000167f860 EFLAGS: 00000246
RAX: 00000000000c00fc RBX: ffff88806a73cf50 RCX: 0000000000000830
RDX: 0000000000000000 RSI: 00000000000c00fc RDI: 00000000000000fc
RBP: 0000000000000003 R08: 0000000000000000 R09: ffffed100d4e79ea
R10: ffff88806a73cf57 R11: 0000000000000001 R12: ffffed100d4c874c
R13: 0000000000000000 R14: ffff88806a73cf50 R15: ffff88806a73cf40
 kvm_smp_send_call_func_ipi+0x1e/0x250 arch/x86/kernel/kvm.c:640
 arch_send_call_function_ipi_mask arch/x86/include/asm/smp.h:100 [inline]
 send_call_function_ipi_mask kernel/smp.c:127 [inline]
 smp_call_function_many_cond+0xc1e/0x1510 kernel/smp.c:869
 on_each_cpu_cond_mask+0x40/0x90 kernel/smp.c:1052
 on_each_cpu include/linux/smp.h:71 [inline]
 smp_text_poke_sync_each_cpu arch/x86/kernel/alternative.c:2660 [inline]
 smp_text_poke_batch_finish+0x5ae/0xdb0 arch/x86/kernel/alternative.c:2932
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 jump_label_update+0x376/0x550 kernel/jump_label.c:919
 static_key_enable_cpuslocked+0x1b7/0x270 kernel/jump_label.c:210
 static_key_enable+0x1a/0x20 kernel/jump_label.c:223
 toggle_allocation_gate mm/kfence/core.c:850 [inline]
 toggle_allocation_gate+0xfa/0x280 mm/kfence/core.c:842
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d7/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	90                   	nop
   2:	90                   	nop
   3:	90                   	nop
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	90                   	nop
   9:	f3 0f 1e fa          	endbr64
   d:	89 f8                	mov    %edi,%eax
   f:	83 ff 02             	cmp    $0x2,%edi
  12:	74 29                	je     0x3d
  14:	0d 00 00 0c 00       	or     $0xc0000,%eax
  19:	89 c6                	mov    %eax,%esi
  1b:	0f ae f0             	mfence
  1e:	0f ae e8             	lfence
  21:	b9 30 08 00 00       	mov    $0x830,%ecx
  26:	31 d2                	xor    %edx,%edx
  28:	0f 30                	wrmsr
* 2a:	66 90                	xchg   %ax,%ax <-- trapping instruction
  2c:	c3                   	ret
  2d:	cc                   	int3
  2e:	cc                   	int3
  2f:	cc                   	int3
  30:	cc                   	int3
  31:	31 d2                	xor    %edx,%edx
  33:	bf 30 08 00 00       	mov    $0x830,%edi
  38:	e9 bc 27 a6 03       	jmp    0x3a627f9
  3d:	be                   	.byte 0xbe
  3e:	00                   	.byte 0x0
  3f:	04                   	.byte 0x4